The purpose of an organization’s Vulnerability Assessment program is to establish controls and processes that will help the organization identify its vulnerabilities within the firm’s technology infrastructure and information system components. This is essential because these vulnerabilites can potentially be exploited by attackers who seek to gain unauthorized access to the organization's systems, disrupt its business operations, and steal or leak sensitive data.
The purpose of an organization's Patch Management program and policy is to identify controls and processes that will provide the organization with the appropriate protection against the vulnerabilities and threats identified by the vulnerability assessment program. These vulnerabilities and threats could adversely affect the security of the organization’s information system or data entrusted on the information system.
In this live webinar, join Cyber Security Expert, Derek A. Smith, who will examine ways to build an effective vulnerability and patch management program. He will show attendees how to effectively implement controls that could create a consistently configured environment that is secure against known vulnerabilities. Derek will also examine 5 key areas:
- The threat monitoring process; the ongoing process of gathering information about new and emerging threats to an organization's IT assets.
- Conducting vulnerability assessments; identify and analyze vulnerabilities associated with technology assets.
- Configuration management; the practice of standardizing the configuration of similar technology assets based on documented configurations in accordance with applicable policies.
- How to perform vulnerability remediation management; to evaluate identified vulnerabilities, assign risk based on likelihood and impact, plan an appropriate response, track the response through completion, and periodically verifying completion.
- Examine the vulnerability and patch management detailed process phases; including components of patch management and their requirements.
Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.
